CVE-2008-2476

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2008-2476
The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB).

9.3 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-013.txt.asc
http://secunia.com/advisories/32112 Vendor Advisory
http://secunia.com/advisories/32116
http://secunia.com/advisories/32117 Vendor Advisory
http://secunia.com/advisories/32133
http://secunia.com/advisories/32406
http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc Vendor Advisory
http://securitytracker.com/id?1020968
http://support.apple.com/kb/HT3467
http://www.kb.cert.org/vuls/id/472363 US Government Resource
http://www.kb.cert.org/vuls/id/MAPG-7H2RY7 US Government Resource
http://www.kb.cert.org/vuls/id/MAPG-7H2S68 US Government Resource
http://www.openbsd.org/errata42.html#015_ndp
http://www.openbsd.org/errata43.html#006_ndp
http://www.securityfocus.com/bid/31529
http://www.securitytracker.com/id?1021109
http://www.securitytracker.com/id?1021132
http://www.vupen.com/english/advisories/2008/2750
http://www.vupen.com/english/advisories/2008/2751
http://www.vupen.com/english/advisories/2008/2752
http://www.vupen.com/english/advisories/2009/0633
https://exchange.xforce.ibmcloud.com/vulnerabilities/45601
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5670
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2008-09-036&viewMode=view
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-013.txt.asc
http://secunia.com/advisories/32112 Vendor Advisory
http://secunia.com/advisories/32116
http://secunia.com/advisories/32117 Vendor Advisory
http://secunia.com/advisories/32133
http://secunia.com/advisories/32406
http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc Vendor Advisory
http://securitytracker.com/id?1020968
http://support.apple.com/kb/HT3467
http://www.kb.cert.org/vuls/id/472363 US Government Resource
http://www.kb.cert.org/vuls/id/MAPG-7H2RY7 US Government Resource
http://www.kb.cert.org/vuls/id/MAPG-7H2S68 US Government Resource
http://www.openbsd.org/errata42.html#015_ndp
http://www.openbsd.org/errata43.html#006_ndp
http://www.securityfocus.com/bid/31529
http://www.securitytracker.com/id?1021109
http://www.securitytracker.com/id?1021132
http://www.vupen.com/english/advisories/2008/2750
http://www.vupen.com/english/advisories/2008/2751
http://www.vupen.com/english/advisories/2008/2752
http://www.vupen.com/english/advisories/2009/0633
https://exchange.xforce.ibmcloud.com/vulnerabilities/45601
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5670
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2008-09-036&viewMode=view
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:force10:ftos:*:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:6.3:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:7.1:*:*:*:*:*:*:*
cpe:2.3:o:juniper:jnos:*:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:*:*:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:4.2:*:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:4.3:*:*:*:*:*:*:*
cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*
cpe:2.3:o:windriver:vxworks:5:*:*:*:*:*:*:*
cpe:2.3:o:windriver:vxworks:5.5:*:*:*:*:*:*:*
History

21 Nov 2024, 00:46

Type Values Removed Values Added
References () ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-013.txt.asc - () ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-013.txt.asc -
References () http://secunia.com/advisories/32112 - Vendor Advisory () http://secunia.com/advisories/32112 - Vendor Advisory
References () http://secunia.com/advisories/32116 - () http://secunia.com/advisories/32116 -
References () http://secunia.com/advisories/32117 - Vendor Advisory () http://secunia.com/advisories/32117 - Vendor Advisory
References () http://secunia.com/advisories/32133 - () http://secunia.com/advisories/32133 -
References () http://secunia.com/advisories/32406 - () http://secunia.com/advisories/32406 -
References () http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc - Vendor Advisory () http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc - Vendor Advisory
References () http://securitytracker.com/id?1020968 - () http://securitytracker.com/id?1020968 -
References () http://support.apple.com/kb/HT3467 - () http://support.apple.com/kb/HT3467 -
References () http://www.kb.cert.org/vuls/id/472363 - US Government Resource () http://www.kb.cert.org/vuls/id/472363 - US Government Resource
References () http://www.kb.cert.org/vuls/id/MAPG-7H2RY7 - US Government Resource () http://www.kb.cert.org/vuls/id/MAPG-7H2RY7 - US Government Resource
References () http://www.kb.cert.org/vuls/id/MAPG-7H2S68 - US Government Resource () http://www.kb.cert.org/vuls/id/MAPG-7H2S68 - US Government Resource
References () http://www.openbsd.org/errata42.html#015_ndp - () http://www.openbsd.org/errata42.html#015_ndp -
References () http://www.openbsd.org/errata43.html#006_ndp - () http://www.openbsd.org/errata43.html#006_ndp -
References () http://www.securityfocus.com/bid/31529 - () http://www.securityfocus.com/bid/31529 -
References () http://www.securitytracker.com/id?1021109 - () http://www.securitytracker.com/id?1021109 -
References () http://www.securitytracker.com/id?1021132 - () http://www.securitytracker.com/id?1021132 -
References () http://www.vupen.com/english/advisories/2008/2750 - () http://www.vupen.com/english/advisories/2008/2750 -
References () http://www.vupen.com/english/advisories/2008/2751 - () http://www.vupen.com/english/advisories/2008/2751 -
References () http://www.vupen.com/english/advisories/2008/2752 - () http://www.vupen.com/english/advisories/2008/2752 -
References () http://www.vupen.com/english/advisories/2009/0633 - () http://www.vupen.com/english/advisories/2009/0633 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/45601 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/45601 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5670 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5670 -
References () https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2008-09-036&viewMode=view - () https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2008-09-036&viewMode=view -
Information

Published : 2008-10-03 15:07

Updated : 2024-11-21 00:46

NVD link : CVE-2008-2476

Mitre link : CVE-2008-2476

CVE.ORG link : CVE-2008-2476

JSON object : View

Products Affected

netbsd

  • netbsd

openbsd

  • openbsd

windriver

  • vxworks

juniper

  • jnos

force10

  • ftos

freebsd

  • freebsd
CWE
CWE-20

Improper Input Validation